Slides © 2002 Sophos Plc Computer Viruses: The end of the World as we know it?

Post on 15-Jan-2016

www.sophos.com

The media will often tell you…

It’s The End Of The World As We Know It - aka TEOTWAWKI

That the latest virus is a global disaster

Because of the data it destroys

Viruses and the media

Are viruses disasters?

Here are what some disasters look like...

Microsoft AntiVirus

Don’t panic!

Data destroyers are not disasters

Because you all have backups (we hope)

But is data destruction the worst problem viruses cause?

But...

Data diddlers

Binary blabbers

Phantom posters

Oops! I did it again...

Your credibility can be affected by any of the following

Credibility crushers

Data diddlers

Viruses which subtly corrupt data

Viruses can switch around or alter data

May take months before the data corruption is even noticed

Maybe you’re posting financial information for the stock market

You may have to make an embarrassing retraction

Data diddlers

Imagine if your financial results were diddled with...

Data diddlers

Let’s make this more personal, shall we?

Romeo,

I love you.

I hate the thought that we will never see each other again.

Ta ta for now, Juliet

Romeo,

I hate you.

I love the thought that we will never see each other again.

Ta ta for now, Juliet

Data diddlers

Data diddlers corrupt your data by swapping information

AND…

…ruin your love life

Binary blabbers

Credibility crushers

Binary blabbers

Confidentiality breached

Email-aware viruses

Forwarding a confidential document to customers and business associates

Who needs espionage when a virus is doing it for free?

Research, exam papers, results

Binary blabbers

Imagine Alastair Campbell wanted to send an email to Tony Blair

…even Mr Prescott!!

Binary blabbers

But the virus emailed his message to everybody in the government

Everyone turns up to King’s Head

Phantom posters

Credibility crushers

Newsgroups: alt.impeach.clinton, alt.politics.clinton, alt.fan.rushlimbaugh, alt.rush-limbaugh

Message-Id: <3882669A.ACFF4B59@tabletoptelephone.com>

From: "Linus F. Zimmerman" <escopeta@tabletoptelephone.com>

Subject: Re: Bradley on homosexual access to military

Date: 17 Jan 2000 00:47:22 GMT

Attached file: HAPPY99.EXE

Consider this example:

Phantom posters

Newsgroups: alt.politics.economics, comp.software.year-2000, misc.invest.stocks, alt.talk.year2000

Message-Id: <386F6446.CA9B2991@home.com>

From: Hyman Blumenstock <hystock@home.com>

Subject: Re: Defending Y2K - The Greatest Con Job Of All

Date: 02 Jan 2000 14:43:10 GMT

Attached file: HAPPY99.EXE

Would this affect your IT credibility?

Phantom posters

Oops! I did it again...

Credibility crushers

Oops! I did it again...

Credibility

Sending out a virus publicly announces you are infected

What would your customers/colleagues think?

Oops! I did it again...

Credibility

Ziff Davis reported in August 1999

Fuji Bank sent out a document to investment partners regarding its forthcoming merger with the Industrial Bank of Japan and Dai-Ichi Kangyo Bank

When investors opened the document...

So...

In short...

The media are focusing on data destruction as being the problem with viruses

Yet your credibility and confidentiality are being threatened by a growing number of viruses

Having anti-virus software in place and regularly updated is a must…

Internet virus vectors

SMTP

HTTP

FTP

NNTP

IRC

Other virus vectors

Network shares

Removable media

PDA

Four tiers of virus protection

Internet

ISP

Tier 4

Tier 3

Tier 2

Tier 1

Four tiers of virus protection

Internet

ISP

Users’ computers

Tier 3

Tier 2

Tier 1

Users’ computers

Desktops

Laptops

PDAs

Mobile ‘phones

Users’ computers

Main target

Only place guaranteed to see all data

Uncontrolled

Increasing diversity

Large numbers

Difficult to manage

Identification

Installation

Updates

Configuration

Four tiers of virus protection

Internet

ISP

Users’ computers

Local servers

Tier 2

Tier 1

Local servers

File-servers

Application servers

Local servers

Susceptible to network-aware viruses

Controlled by network administrators

Lower numbers

Easier to manage

Not all data passes through servers

Four tiers of virus protection

Internet

ISP

Users’ computers

Local servers

Email servers

Tier 1

Email servers

Main route for viruses

Controlled by network administrators

Low numbers

Easy to manage

Data may not be readable e.g. Encryption

May not have access to stored email

Not only route for viruses

Four tiers of virus protection

Internet

ISP

Users’ computers

Local servers

Email servers

Managed services

Managed service

Edge of network devices

Dedicated devices

ISPs

Dedicated managed service

Managed service

Managed by supplier

No local management

Main route for viruses - Email

Data may not be readable e.g. Encryption

Not only route for viruses

No access to stored data

What else can you do?

But perhaps other preventative measures would better protect your reputation from going down the loo

DISCLAIMER

Preventative anti-virus measures

The following rules and procedures are not foolproof

But they will dramatically reduce the threat viruses can pose your organisation - and decrease the chances of your confidentiality and credibility being damaged

Avoid using DOC files

DOC files support macros

If macros are supported, macro viruses can flourish

Why not...

Save your documents in Rich Text Format (RTF)

RTF does not support macros

Configure Word to save files as RTF by default

Look out for security bulletins

Offer timely security information, patches and updates

Examples include Microsoft (http://www.microsoft.com/technet/security) and Sophos Anti-Virus (www.sophos.com/virusinfo/notifications)

Block unwanted filetypes

Do you really need to send/receive these file types: EXE, VBS, SHS, COM, SCR, JS, HTA, BAT?

If yes…

Set up a list of authorised users who can send and receive these files.

If not, protect yourself!
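
An added example, not part of the original slides: a mail-gateway style check that applies the file-type list above together with an authorised-sender list. The address in AUTHORISED, the verdict strings and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

BLOCKED = {"exe", "vbs", "shs", "com", "scr", "js", "hta", "bat"}  # list from the slide
AUTHORISED = {"buildmaster@example.org"}  # hypothetical authorised senders

# Constructed sample message (not real traffic).
SAMPLE = """\
From: Alice <alice@example.org>
To: bob@example.org
Subject: quarterly results
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="results.rtf.VBS"

placeholder
--b1--
"""

def blocked_extension(filename):
    """Return the blocked final extension of filename, or None."""
    # Windows ignores trailing dots and spaces, and the last extension decides
    # how the file is opened, so "results.rtf.VBS" is treated as VBS.
    name = filename.strip().rstrip(". ").lower()
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    return ext if ext in BLOCKED else None

def check_message(raw):
    """Return (verdict, offending attachment names) for one raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    hits = [n for n in names if blocked_extension(n)]
    if not hits:
        return "deliver", []
    if sender in AUTHORISED:
        return "deliver-authorised", hits
    return "quarantine", hits

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

The From header is trivially forged, so a real gateway would tie the authorised list to an authenticated sender identity rather than the header alone.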

Limit internet access

Viruses are often downloaded from the web

Is surfing the net a necessity in your organisation?

If yes...

Ensure that web access is only available on dedicated internet PCs

Or limit access to trusted sites only.

If not…

get rid of the darn thing

Use EICAR for testing

Never EVER test your anti virus software with a virus

Visit www.eicar.org and download the EICAR test file instead

No infection risk. No worries.

Deselect WSH

Deselect Windows Script Host (WSH)

Some viruses depend upon WSH to spread (e.g. VBE and VBS)

Watch out for hoaxes

Never allow users to forward virus alerts

Sleuthing out whether a real virus or a hoax has infiltrated your company is the administrator’s job and no one else’s

Tell your users not to trust ANY virus alerts

(even from coolcat anti virus companies)

Don’t boot from floppies

Obstruct boot sector viruses via CMOS

Most PCs check the A: drive before the C: when booting

An infected floppy disk in the A: drive on boot up equals virus

Why not...

Change the sequence to “C: first” in your BIOS settings to avoid pure boot sector viruses

Warn users about floppies

Warn users about the dangers of floppies

Many believe that floppy disks are no longer used

But pure boot sector viruses are still infecting PCs

Laptops are a major contributor

Conclusion

Viruses, Trojans and worms are on the increase

They are becoming more complex and more effective

BUT...

It is not the end of the World!

They are preventable

Anti-virus software

Best practice

Know your enemy

Ignore the hype

Latest virus alerts

Recent reports

Playing on World Cup interest

Latest virus alerts

The Barthez virus

Prevents you from saving anything

Latest virus alerts

The Rivaldo virus

Repeatedly falls over but immediately reboots with no apparent side-effects

Latest virus alerts

The Roy Keane virus

Makes the PC unstable and throws you out of Windows

Latest virus alerts

The Argentinian virus

Looks dangerous but deletes itself after ten days

Computer Viruses: NOT the end of the World as we know it!